You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

ebweikb.exe

I opened a file from an email claiming to be WhatsApp. I know seem to have been infected. Multiple instance of ebweikb.exe keep running in my processes, and If they are trying to download files to my computer. Security Essentials has been finding the same "password stealer" and "exploit" malicious programs.

I found this page herehttp://www.bleepingcomputer.com/forums/t/516346/whatsapp-voicemail-virus-removal/
I believe MsInformation fell victim to the same scam.
I have the programs downloaded and on my desktop that Fireman asked her to use. I used them and they removed a lot of stuff but unfortunately not the program I am having issues with. My computer is becoming unusable. I am starting to panic.
I have teamviewer and am more than happy letting you poke around my computer.

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.

Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.

Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.

A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

First I just want to thank you for taking the time and replying to my post so quickly. I was really starting to worry.

Prior to your instructions I had already downloaded and ran the AdwCleaner earlier in the day. LOVED the result - finally got rid of babylon and others - although it did not fix my virus. Here is the log:

My computer would slow right down, and I would have to open task manager and end the multiple instances of 'ebweikb.exe', some of wich would be running as much as 500,000 K. This was necessary every 40 seconds or so or it would freeze entirely. My security essentials is also detecting 'PSW:Win32/Zbot.gen!AP' every few minutes when I have it on.

After running the JRT the computer operated as it should for a few moments, but then I turned my Security Essentials back on and it detected the same 'PSW:Win32/Zbot.gen!AP'. The ebwiekb.exe are now running the same as before the JRT scan aswell. Back where I started. Would deleting the .exe file solve this problem?

My computer crashed last night right after posting my last reply. I turned it on this morning about an hour and a half ago, and it has been stuck in startup repair mode ever since. I do not think its going to turn on. Anything I can do at this point?

The computer eventually turned on, and I was able to download and run Combofix. The computer crashed the first time and I had to retry. The second time was successfull, I believe it finished and it restarted my computer, but when I logged in it shutdown. I am not sure where to find the log for combofix. I have turned realtime protection back on and am performing a full scan with Security Essentials. The ebweikb.exe has not showed up in my proccesses and the computer is running at normal speed. The 'password stealing' program that Security Essentials was finding every 10 seconds hasn't popped up since last restart after running Combofix. Looking good so far! I will update you with the results of my scan shortly.

Completed the full scan. Nothing was detected and my computer is running just as fast as before. Maybe even faster

Thanks a lot, seems like the ComboFix did the trick. If you are still interested in seeing the log maybe you can tell me where it would be saved too? I think it might have turned off before creating one, but either way, I'm fixed.

Since my last post My computer has crashed twice. It crashes once in a while but never 2 times in a row like that. Not sure it it is related or not. I am also unable to search for videos on Youtube. It keeps coming back with an internal server error. Again not sure if that is my computer or youtube, or if it is even related or not, but it is a new problem.